Commerce Server Security Vulnerabilities and Issues — Commerce Server CVE List

Lucene search

MicrosoftCommerce Server

9 matches found

CVE•added 2012/04/10 9:55 p.m.•1635 views

CVE-2012-0158

The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 20...

9.3CVSS7.8AI score0.94314EPSS

CVE•added 2012/08/15 1:55 a.m.•1187 views

CVE-2012-1856

The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce ...

9.3CVSS7.9AI score0.91953EPSS

CVE•added 2008/03/11 11:44 p.m.•51 views

CVE-2007-1201

Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."

9.3CVSS7.3AI score0.45718EPSS

CVE•added 2003/04/02 5:0 a.m.•37 views

CVE-2002-0621

Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.

5CVSS7.9AI score0.16667EPSS

CVE•added 2006/03/19 1:2 a.m.•36 views

CVE-2006-1257

The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.

7.5CVSS6.8AI score0.42308EPSS

CVE•added 2003/04/02 5:0 a.m.•34 views

CVE-2002-0623

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".

7.5CVSS8.5AI score0.17282EPSS

CVE•added 2002/06/25 4:0 a.m.•29 views

CVE-2002-0050

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.

7.5CVSS8.5AI score0.12164EPSS

CVE•added 2003/04/02 5:0 a.m.•28 views

CVE-2002-0622

The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".

7.5CVSS7.7AI score0.10267EPSS

CVE•added 2002/07/03 4:0 a.m.•26 views

CVE-2002-0620

Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.

5CVSS7.9AI score0.16373EPSS